Remote subscriber identity module (SIM) provisioning includes activities such as downloading, installing, enabling, disabling, switching and deleting a profile on an embedded universal integrated circuit card (eUICC). An eUICC is a secure element for hosting profiles. A profile is a combination of operator data and applications provisioned on an eUICC in a device for the purposes of providing services by an operator. A profile can contain one or more items of secure data used to prove identity and thus verify contract rights to services. Some remote provisioning aspects are handled through a discovery server. A device may attempt to perform unnecessary profile operations, e.g., duplicate profile operations, if notifications on the discovery server are not up to date.
A profile can be identified by a unique number called an ICCID (Integrated Circuit Card Identifier). Profile management can include a combination of local and remote management operations such as enable profile, disable profile, delete profile, and query profiles present on an eUICC. An operator is a company providing wireless cellular network services. A mobile network operator (MNO) is an entity providing access capability and communication services to its subscribers through a mobile network infrastructure. In some cases, the device is user equipment used in conjunction with an eUICC to connect to a mobile network. In a machine-to-machine (M2M) environment, a device may not be associated with a user and may have no user interface. An end user is a person using a (consumer or enterprise) device. An enabled profile can include files and/or applications which are selectable over an eUICC-device interface.
A function which provides profile packages is known as a subscription manager data preparation (SM-DP, or SM-DP+), also known as an eSIM server. An SM-DP may also be referred to as a profile provider or as an eSIM vendor. An eSIM is an electronic SIM. An eSIM is an example of a profile. A profile package can be a personalized profile using an interoperable description format that is transmitted to an eUICC as the basis for loading and installing a profile. Profile data which are unique to a subscriber, e.g., a phone number or an International Mobile Subscriber Identity (IMSI), are examples of personalization data. The SM-DP communicates over an interface with an eUICC. Certificates used for authentication and confidentiality purposes can be generated by a trusted certificate issuer.
An architecture framework related to remote provisioning and management of eUICCs in devices is outlined in GSM Association document GSMA SGP.21: “RSP Architecture,” Version 1.0 Dec. 23, 2015 (hereinafter “SGP.21”). A related document provided by the GSM Association is SGP.22 “RSP Technical Specification,” Version 1.0, Jan. 13, 2016 (hereinafter “SGP.22”).
A device may pull a notification of an event from a root server where the event is pushed to the root server by an SM-DP+ server. FIG. 1 illustrates SM-DP+ servers 140 and 150 in communication over interfaces 141 and 151, respectively, with a subscription manager discovery service (SMDS) server or root server 130. Further information on SM-DP+ servers can be found in SGP.22. The root server 130 is in communication with a device 110 over an interface 131. The device 110 includes an eUICC 102 associated with an identifier EID 103. In the operation of this system, the SM-DP+ server 140 may push data, represented as a message 149 over the interface 141. The data can include an address of the SM-DP+ server 140. The address is represented in FIG. 1 as @SM-DP+ server 140. The device 110 can pull a notification list. The pull operation is represented by the message 119 in FIG. 1.
FIG. 2 illustrates a message flow that can occur on the system of FIG. 1. Based on an action 10, the SM-DP+ server 140 can send notification data to the root server 130 in the message 149. The device 110, based on an action 20, can pull a notification list from root server 130. The pull sequence is represented by messages 202 and 203. The device 110 then reads a notification from the notification list and downloads an event. The request for the event and the download of the event are indicated as messages 204 and 205. The device 110, along with the eUICC 102, can then process the event as indicated by process command 30. After successful completion of the event, the device 110 can send a receipt to the eSIM server 140 as indicated by the message 206. The SM-DP+ server 140 can then delete the corresponding event using the message 207, which triggers the update 40 item at the root server 130. At any time, the device 110 may again pull and download as indicated by pull and download 50. After the latter download, the device 110 and the eUICC 102 may process the event as indicated by process event 60 in FIG. 2.
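The FIG. 2 sequence can be modeled to show how a second pull that lands between the receipt (message 206) and the root server update (update 40) leads to the same event being processed twice. The following is an added example, not code from the original text or from SGP.22; all class, method and event names are hypothetical, and the device-side record of completed events is an assumption of the example, not something the text describes.

```python
# Toy model of the FIG. 2 flow. Every class, method and value here is
# hypothetical and constructed; none is taken from SGP.21 or SGP.22.
class RootServer:
    def __init__(self):
        self.pending = {}                      # EID -> [(SM-DP+ address, event id)]
    def push(self, eid, address, event_id):    # message 149
        self.pending.setdefault(eid, []).append((address, event_id))
    def pull(self, eid):                       # messages 202/203
        return list(self.pending.get(eid, []))
    def delete(self, eid, event_id):           # update 40
        self.pending[eid] = [n for n in self.pending[eid] if n[1] != event_id]

class SmdpPlus:
    def __init__(self, address, root):
        self.address, self.root, self.events, self.receipts = address, root, {}, set()
    def register(self, eid, event_id, operation):   # action 10
        self.events[event_id] = (eid, operation)
        self.root.push(eid, self.address, event_id)
    def download(self, event_id):              # messages 204/205
        return self.events[event_id][1]
    def receipt(self, event_id):               # message 206
        self.receipts.add(event_id)
    def delete_acknowledged(self):             # message 207, may lag behind 206
        for event_id in self.receipts:
            eid, _ = self.events.pop(event_id)
            self.root.delete(eid, event_id)
        self.receipts.clear()

class Device:
    def __init__(self, eid, remember):
        self.eid, self.remember, self.completed, self.applied = eid, remember, set(), []
    def pull_and_process(self, root, servers):
        for address, event_id in root.pull(self.eid):
            if self.remember and event_id in self.completed:
                continue                       # stale notification: skip it
            self.applied.append(servers[address].download(event_id))
            self.completed.add(event_id)       # applied = operations run on the eUICC
            servers[address].receipt(event_id)

def run(remember_completed):
    smdp = SmdpPlus("smdp.example.invalid", RootServer())
    device = Device("EID-CONSTRUCTED-0001", remember_completed)
    smdp.register(device.eid, "event-1", "download-profile")
    servers = {smdp.address: smdp}
    device.pull_and_process(smdp.root, servers)   # pull 20 through receipt 206
    device.pull_and_process(smdp.root, servers)   # pull 50 arrives before delete 207
    smdp.delete_acknowledged()
    device.pull_and_process(smdp.root, servers)   # after update 40 the list is empty
    return device.applied
```

Calling `run(False)` returns the operation twice because the notification list was stale at the second pull; `run(True)` returns it once.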
An eUICC includes an operating system, and the operating system can include the ability to provide authentication algorithms to network access applications associated with a given operator. The operating system also can include the ability to translate profile package data into an installed profile using a specific internal format of the eUICC. An ISD-P (issuer security domain—profile) can host a unique profile within an eUICC. The ISD-P is a secure container or security domain for the hosting of the profile. The ISD-P is used for profile download and installation based on a received bound profile package. A bound profile package is a profile package which has been encrypted for a target eUICC. An ECASD (embedded UICC controlling authority security domain) provides secure storage of credentials required to support the security domains on an eUICC. A controlling authority security domain (CASD) may also be referred to as a “key store” herein. A security domain within the eUICC contains the operator's over-the-air (OTA) keys and provides a secure OTA channel. OTA keys are credentials used by an operator for remote management of operator profiles on an eUICC.